summaryrefslogtreecommitdiff
path: root/cpp/src/IceGrid/Activator.cpp
diff options
context:
space:
mode:
authorBenoit Foucher <benoit@zeroc.com>2006-05-11 08:47:13 +0000
committerBenoit Foucher <benoit@zeroc.com>2006-05-11 08:47:13 +0000
commitc5fe8c1db278af2d6f1d172e0c9e9fcd6f509b7c (patch)
tree50ac9405a24d251fb4ba2539ee0f6a8cf7f95480 /cpp/src/IceGrid/Activator.cpp
parentFixed XML writing (diff)
downloadice-c5fe8c1db278af2d6f1d172e0c9e9fcd6f509b7c.tar.bz2
ice-c5fe8c1db278af2d6f1d172e0c9e9fcd6f509b7c.tar.xz
ice-c5fe8c1db278af2d6f1d172e0c9e9fcd6f509b7c.zip
Added support for setting user under which the process should run.
Diffstat (limited to 'cpp/src/IceGrid/Activator.cpp')
-rw-r--r--cpp/src/IceGrid/Activator.cpp57
1 files changed, 55 insertions, 2 deletions
diff --git a/cpp/src/IceGrid/Activator.cpp b/cpp/src/IceGrid/Activator.cpp
index 4bf9fed248a..bea536fbb49 100644
--- a/cpp/src/IceGrid/Activator.cpp
+++ b/cpp/src/IceGrid/Activator.cpp
@@ -25,6 +25,7 @@
#ifndef _WIN32
# include <sys/wait.h>
# include <signal.h>
+# include <pwd.h> // for getpwnam
#endif
using namespace std;
@@ -76,8 +77,12 @@ reportChildError(int err, int fd, const char* cannot, const char* name)
strcpy(msg, cannot);
strcat(msg, " `");
strcat(msg, name);
- strcat(msg, "': ");
- strcat(msg, strerror(err));
+ strcat(msg, "'");
+ if(err)
+ {
+ strcat(msg, ": ");
+ strcat(msg, strerror(err));
+ }
write(fd, msg, strlen(msg));
close(fd);
@@ -339,6 +344,7 @@ int
Activator::activate(const string& name,
const string& exePath,
const string& pwdPath,
+ const string& user,
const Ice::StringSeq& options,
const Ice::StringSeq& envs,
const ServerIPtr& server)
@@ -447,6 +453,30 @@ Activator::activate(const string& name,
// Activate and create.
//
#ifdef _WIN32
+
+ if(!user.empty())
+ {
+ vector<char> buf(256);
+ buf.resize(256);
+ DWORD size = buf.size();
+ bool success = GetUserName(&buf[0], &size)
+ if(!success && GetLastError() == ERROR_INSUFFICIENT_BUFFER)
+ {
+ buf.resize(size);
+ success = GetUserName(&buf[0], &size);
+ }
+ if(!success)
+ {
+ SyscallException ex(__FILE__, __LINE__);
+ ex.error = getSystemErrno();
+ throw ex;
+ }
+ if(user != string(&buf[0]))
+ {
+ throw "can't run `" + name + "' under user account `" + user + "'";
+ }
+ }
+
//
// Compose command line.
//
@@ -652,6 +682,29 @@ Activator::activate(const string& name,
//
//
+ // Change the user under which the process will run if a
+ // specific user is set.
+ //
+ if(!user.empty())
+ {
+ struct passwd* pw = getpwnam(user.c_str());
+ if(!pw)
+ {
+ reportChildError(0, fds[1], "unknown user", user.c_str());
+ }
+
+ if(setgid(pw->pw_gid) == -1)
+ {
+ reportChildError(getSystemErrno(), fds[1], "cannot set process group id for user", user.c_str());
+ }
+
+ if(setuid(pw->pw_uid) == -1)
+ {
+ reportChildError(getSystemErrno(), fds[1], "cannot set process user id for user", user.c_str());
+ }
+ }
+
+ //
// Assign a new process group for this process.
//
setpgid(0, 0);